Saltcorn 0.8.7 - Security fix, file manager improvements

By Tom Nielsen
Published on 

Security fix for multitenancy installations with untrusted tenant admins: Saltcorn 0.8.7 contains an important security fix that, in certain circumstances, prevents unprivileged information access. Most installations are not affected. However, if you operate a multitenancy installation and have given untrusted users admin rights on subdomain tenants, those users are able to bypass the restriction to safe plugins and can install unsafe plugins (by installing a pack or restoring a backup). This is fixed in 0.8.7. If you would like the old behaviour under multitenancy settings, you can enable the installation of unsafe plugins for tenants. Thank you to @PyHedgehog for reporting this.
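The class of bug described above arises when the safe-plugin restriction is enforced on the direct install path but not on every other path that can introduce a plugin. The sketch below is an added illustration, not Saltcorn's own code: the pack and backup shapes, the allowlist entries, and the names `isRootTenant` and `tenantsMayInstallUnsafe` are all assumptions made for the example.

```javascript
// Constructed allowlist of "safe" plugins, keyed by source and location.
const SAFE_PLUGINS = new Set(["npm:@example/markdown", "npm:@example/charts"]);

const pluginKey = (p) => `${p.source}:${p.location}`;

// The single gate. ctx.isRootTenant and ctx.tenantsMayInstallUnsafe are
// hypothetical names for "not a subdomain tenant" and the opt-in setting.
function assertPluginsAllowed(plugins, ctx) {
  if (ctx.isRootTenant || ctx.tenantsMayInstallUnsafe) return;
  const rejected = plugins.filter((p) => !SAFE_PLUGINS.has(pluginKey(p)));
  if (rejected.length > 0) {
    const names = rejected.map((p) => p.name).join(", ");
    throw new Error(`unsafe plugins not permitted for tenant: ${names}`);
  }
}

// Every path that can introduce a plugin calls the gate before doing work.
function installPlugin(plugin, ctx, installed) {
  assertPluginsAllowed([plugin], ctx);
  installed.push(plugin.name);
}

function installPack(pack, ctx, installed) {
  const plugins = pack.plugins || [];
  assertPluginsAllowed(plugins, ctx); // check all first: no partial install
  plugins.forEach((p) => installed.push(p.name));
}

function restoreBackup(backup, ctx, installed) {
  // A backup is treated like a pack here (assumed shape).
  installPack({ plugins: backup.plugins }, ctx, installed);
}

// Constructed sample input: one allowlisted plugin, one that is not.
const samplePack = {
  plugins: [
    { name: "markdown", source: "npm", location: "@example/markdown" },
    { name: "shell-runner", source: "git", location: "https://git.example/shell-runner" },
  ],
};

// Helper for trying a path and reporting what ended up installed.
function tryInstall(fn, payload, ctx) {
  const installed = [];
  try { fn(payload, ctx, installed); return { ok: true, installed }; }
  catch (e) { return { ok: false, installed, error: e.message }; }
}
```

Because the pack and backup paths validate the whole plugin list before installing anything, a rejected pack leaves the tenant unchanged rather than half-installed.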

Mermaid ER diagram: The entity relationship diagram got a large upgrade and is now backed by mermaid.js.

Undo redo table history: Users are now able to interact with the table history and can undo and redo row changes (history-control module). This module does not yet contain functionality for users to see the table history changes, but this will come.

File editor improved: The File manager received numerous upgrades. Uploads now go to the folder currently shown, you can upload by dragging icons from the desktop into the file list, there is search by file name, and there are other small usability improvements.

Localised state: Views can now be embedded with a localized state. For instance, you could use this to build a comparator page that compares two different rows.

Table component: The builder has a simple table component for when you want to build a table and put arbitrary content in each cell.
 

